Wiki.js uses markdown-it-attrs which interprets curly braces inside
inline math ($...$) as attribute directives, stripping them from the
formula. Additionally, markdown table parsers split cells at both `|`
and `&` characters, breaking formulas containing those symbols.
This fix replaces `{`, `}`, `|`, and `&` inside math expressions with
Unicode Private Use Area placeholders during markdown parsing, then
restores them before passing to KaTeX/MathJax for rendering.
- `<E000>` / `<E001>`: temporary replacements for `{` / `}`
- `<E002>`: temporary replacement for `|` (table cell delimiter)
- `<E003>`: temporary replacement for `&` (table cell delimiter in
multiline tables, used by LaTeX cases/arrays)
The placeholder approach was chosen over HTML escaping because it
preserves LaTeX environments like `\begin{array}` that were broken
by the previous `{{}}` escaping method.
Fixes#1581Fixes#1462
Co-authored-by: Claude <noreply@anthropic.com>
AI-model: kimi-for-coding/k2p6
* Update render.js
# Improved handling of mustache expressions and v-pre attribute assignment
## Changes Made:
- Ensured that the parent tag of such text nodes is explicitly set to a `<p>` tag with the `v-pre` attribute.
- Added debug messages for better understanding of the script execution flow [THIS SHOULD REMOVED WHEN PUSHING TO PRODUCTION].
## Why it Works:
- When a mustache expression is found, the script either wraps it in a new `<p>` tag with the `v-pre` attribute or adds the `v-pre` attribute to the existing parent `<p>` tag.
- This approach ensures that the template code is not removed but encapsulated within `<p>` tags with the `v-pre` attribute, as required.
## Test Cases Passed:
1. `<xyz>{{ constructor.constructor('alert(1)')() }}</xyz>`
2. `<xyz>{{ constructor.constructor('alert(1)')() }}</xyz>`
3. `<p><xyz>{{ constructor.constructor('alert(1)')() }}</p>`
4. `<p><xyz>{{ constructor.constructor('alert(1)')() }}</xyz></p>`
5. `<p><xyz>{{constructor.constructor('alert("Test Case 8")')()}}<xyz>{{constructor.constructor('alert("Test Case 9")')()}}</xyz></p>`
This commit enhances the robustness and reliability of handling mustache expressions and ensures proper assignment of the `v-pre` attribute, to ensure that there is no room for the weaponization of the template code later in the rendering process.
* fix: move template expressions after dom-purify + handle text nodes without parent
---------
Co-authored-by: NGPixel <github@ngpixel.com>
* feat: added implementation for group mapping in SAML strategies
---------
Co-authored-by: Abderraouf El Gasser <abderraouf.elgasser@iktos.com>
Co-authored-by: Nicolas Giard <github@ngpixel.com>
Hugo Gu
mod242
NGPixel
Felix Eckhofer
Mia Moir
ss033
scottnursten-22
Benoît des Ligneris
Ole Christian Tvedt
Jacob Beneski
Ethan
CDN
Jasmine Tai
aelgasser
Pablo
Jason Minard
Jaeseo Park
Andrew McFadden
matt1097
DerekJarvis
robinho81
gueldi
Eric Knibbe
Charlotte County Public Schools
Aurélien Lajoie
Sleuth56
Boris
CDN
cannorin
natsutteatsuiyone
Simon Lichtinghagen
Andrei Senchuk
adroslice
Fionera
Jared Brogan